bugcrowd / vulnerability-rating-taxonomy

Bugcrowd’s baseline priority ratings for common security vulnerabilities
https://bugcrowd.com/vrt
Apache License 2.0

Is preventing users of a team from using a feature a security vulnerability or not? #129

Closed Mrsharmax closed 6 years ago

Mrsharmax commented 6 years ago

Should it be marked as N/A in the first place, or should it be sent to the programs team to decide what to do with it?

truemongo commented 6 years ago

Hi @itsgopsss, I think it depends a lot on the feature, and also how you are preventing them from using the feature. It might be covered by the following entries?

- P2 | Application-Level Denial-of-Service (DoS) | Critical Impact and/or Easy Difficulty
- P3 | Application-Level Denial-of-Service (DoS) | High Impact and/or Medium Difficulty

Do you have a more specific example (without disclosing the program)?

ryancblack commented 6 years ago

@itsgopsss,

@truemongo is correct about how this may be categorized. If you have examples that may be discussed in appropriate terms in this forum and for the benefit of the VRT itself, please raise them.

However, please do keep in mind that vulnerability details or private program information should not be discussed on GitHub. If your concern is specific to one or more submissions and their triage outcome, please contact Bugcrowd's researcher success team.